Criminal hackers increasingly attracted to smaller businesses

Even the smallest web-based business in the world will attract criminal hackers interested in stealing financially valuable data.

Criminals will always go where the money is, whether it is stashed away in the vaults of the world’s biggest banks, tapped via the customer details of a medium-sized organization, or found in the modest takings of the Mom and Pop web store.

Sadly these smaller businesses, usually lacking the security resources of the big corporations, are increasingly on the radar of the cyber criminal community.

A recent Ponemon Institute survey of US small businesses showed that 55 percent of respondents had a data breach, almost all involving electronic records, and 53 percent had multiple breaches, according to eWeek.

“You hear about the big breaches on the news but what you don’t hear is how they happen every day at a lot of medium or small companies,” Angie Keating, CEO of Reclamere, a data security company, told Fox News, describing how smaller firms are being hit.

More and more companies are buying cyber insurance to protect their organizations from the financial consequences of a data breach, according to US insurance giant Marsh. It said that the number of its US clients purchasing cyber insurance increased 33% in 2012 over 2011, with those in the services and educational sectors leading the way.

On top of the criminal threats, the authorities may soon take a tougher line on organizations that suffer a breach, as in a six-figure case against a restaurant chain in Massachusetts. Some smaller businesses that cannot afford to notify customers of a data breach, as the law requires, simply keep quiet. This is likely to be policed more heavily in future.

For many small businesses, the company web site IS the business, and criminal hackers like nothing more than a vulnerable, poorly protected web site. It’s an easy way for them to steal customer details and other financially valuable information. In addition, malware can be placed on the small business site to infect visitors’ PCs through corrupted links. For example, a piece of malware will infect the visitor’s PC with a keylogger or other form of spyware to harvest sensitive logins and passwords for online banking sessions. Spam links can also be hidden on the site without the owner even knowing.

This is bad enough, but search engines like Google, and web browsers like Chrome and Firefox, will then block the site as a carrier of malware. This is not good news for the reputation and growth of the business. The corrupted site will also show up in Google search results, telling the world to avoid the site.

How Google search results reveal sites that have been hacked and carry malware or spam links

Keeping the criminals at bay

Unfortunately, the threat to smaller businesses is not likely to go away anytime soon. There are steps that small business owners can take to protect themselves and their customers, but they involve some extra work and vigilance on the part of the business owners.

Appoint a technical member of staff to take responsibility for cyber security. Ensure they are fully aware of the software used across the business and that it is kept fully up to date, with the latest versions downloaded as soon as they are available. The employee must be suitably trained in defeating the techniques of criminal hackers.

This is especially important for web server maintenance, as the web server is a key point of vulnerability exploited by criminal hackers, as discussed earlier.

If a third party is used for web hosting, ensure that the Service Level Agreement (SLA) is fully up to date and that the provider has committed to keep systems up-to-date, protected, and backed up. Given the increasing threat to smaller businesses, any SLA should be reviewed at least annually.

If security is too time-consuming for your firm, then an outsourced security provider can be considered, with the same rules on SLAs applied.

Finally, all staff should be educated about maintaining online hygiene: using strong passwords, not clicking on suspicious links, and taking care when using social media sites.